Technology

Sookasa’s patented technology delivers unprecedented control over the cloud

Sookasa employs file-level encryption on devices and the cloud with AES 256-bit encryption. Sookasa pairs with both Dropbox and Google Drive and essentially decouples the encrypted data from the keys required to decrypt it. Neither the cloud storage service nor Sookasa has access to the user’s raw data.

Sookasa Highlights

Compliant data storage and transmission

Native Dropbox user interface

File-level encryption on devices and on the cloud

Control access to files both inside and outside the organization

Block access to specific devices when stolen or lost

Deny access to specific users in employee-separation scenarios

Full audit trail, including all file operations and sharing events

Compliance with HIPAA regulations

Sookasa facilitates HIPAA-compliant use of Dropbox and Google Drive without compromising the user experience

Access control

Sookasa ensures that only authorized people can access electronic protected health information.

Unique user identification Sookasa assigns unique credentials to users based on their email addresses and secure passwords to identify and track user identities. Learn More »

Data and key separation

Files are stored by Dropbox and Google Drive, but neither has access to the keys. The combination of the cloud storage provider and Sookasa separates the encrypted data from the keys required to decrypt it

Key management

Sookasa manages access to files by distributing the encryption keys using a centralized web-based server

Encryption

Sookasa’s on-device app encrypts each file with a unique AES-256 key

The encrypted file is augmented with signed metadata and includes the file key encrypted by the team master key

The encrypted file is synced by the Dropbox or Google Drive app to the cloud

Decryption

A user tries to open a file from a computer or smartphone

The Sookasa client talks to the server to request the specific file encryption key and sends:
• signed encrypted file metadata
• the user’s credentials
• a unique identifier for the device

The Sookasa server validates the signatures, verifies whether the user and device are authorized to access the files, and logs the request

PermittedThe Sookasa server will provide the appropriate file key so the user can open the file Not PermittedThe user will not be able to view the file